Data Recovery File infection


  • This topic is locked
25 replies to this topic

#1 Frankie777

Frankie777

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:00 PM

Posted 30 September 2011 - 01:32 PM

Trying to get rid of this infection. It has shut down a lot of programs. I have Windows XP Home Edition 3pk, if that is any help. My Malwarebytes won't open, Windows malicious spy removal update won't dl, and Microsoft Security Essentials won't open. I ran HijackThis. I am getting a security warning Navcandl ieframe.dll. Any suggestions would be greatly appreciated. Thanks


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:00 PM

Posted 01 October 2011 - 01:16 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Frankie777

Posted 04 October 2011 - 03:45 PM

Well, this is the only file (DDS) that ran. All the others can't open up and run. gmer does not open, neither does Malwarebytes. I hope this helps. BTW I have XP Pro. Thanks

Attached File: attach DDS.txt 28.45KB

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:00 PM

Posted 05 October 2011 - 01:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421283 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Frankie777

Posted 07 October 2011 - 01:10 PM

Can't run anything. Nothing will open. I am running Windows XP Professional Version 2002 Service Pack 3. Malwarebytes won't open. I can't run dds or gmer. I think the Data Recovery program is running.

I'm sorry, it's also 32 bit.

#6 Frankie777

Posted 07 October 2011 - 01:18 PM

When I open gmer file it starts and runs for a second or two and then I get the BSOD and then it reboots. I ran a HijackThis file before this happened. It was the last thing that ran before the dds, which also won't run. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:12:27 AM, on 9/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Frank\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [OpenCloud Security] C:\Documents and Settings\Frank\Application Data\OpenCloud Security\OpenCloud Security.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tvSGtXalYqwbYq.exe] C:\Documents and Settings\All Users\Application Data\tvSGtXalYqwbYq.exe
O4 - HKCU\..\Run: [YUHunt] "C:\Program Files\Your Uninstaller 2010\urmain.exe" -hunter
O4 - HKCU\..\Run: [1kAlMiG2Kb7FzP] C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Unknown owner - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6190 bytes

#7 Frankie777

Posted 07 October 2011 - 02:18 PM

Here is a dds file. Thanks

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:00 PM

Posted 07 October 2011 - 05:11 PM

Hello, Frankie.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1


Crashes with GMER aren't uncommon or necessarily bad. The DDS log didn't attach and HJT is not of as much use. We'll look for rootkits in a bit; first let's kill that virus enough so that we can work on the computer.

Download RogueKiller and save it to your desktop.
  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • When prompted, type 1 (SCAN) and then press Enter
  • A report will open, please copy and paste this report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 Frankie777

Posted 08 October 2011 - 12:23 AM

Hi Etavares and thank you.

RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Frank [Admin rights]
Mode: Scan -- Date : 10/08/2011 01:17:21

Bad processes: 3
[SUSP PATH] 2656641780:199075425.exe -- c:\windows\2656641780:199075425.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\system32\svchost.exe -> KILLED [TermProc]
[RESIDUE] 2656641780:199075425.exe -- c:\windows\2656641780:199075425.exe -> KILLED [TermProc]

Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt

#10 etavares

Posted 08 October 2011 - 04:55 AM

Hello, Frankie777.

OK, this is more than just a simple rogue. You have the ZAccess rootkit.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.


Step 1

Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    c:\windows\2656641780
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.



Step 2

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.


#11 Frankie777

Posted 09 October 2011 - 09:57 AM

Hi Etavares, did what you said and now following the remainder of the steps. I will paste the logs. I do have the original boot up disk when and if needed. Much thanks.

#12 Frankie777

Posted 09 October 2011 - 10:38 AM

DummyCreator by Farbar
Ran by Frank (administrator) on 09-10-2011 at 11:12:39
**************************************************************

c:\windows\2656641780 [09-10-2011 11:10:28]

== End of log ==

#13 Frankie777

Posted 09 October 2011 - 10:42 AM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\System Volume Information: Access is denied.

Failed to open \\?\c:\\12a09f6c5ea7051c380e08\$shtdwn$.req: Access is denied.

Failed to open \\?\c:\\12a09f6c5ea7051c380e08\mpasbase.vdm._p: Access is denied.

Failed to open \\?\c:\\12a09f6c5ea7051c380e08\mpasdlta.vdm: Access is denied.

Failed to open \\?\c:\\12a09f6c5ea7051c380e08\mpavbase.vdm._p: Access is denied.

Failed to open \\?\c:\\12a09f6c5ea7051c380e08\mpavdlta.vdm: Access is denied.

Failed to open \\?\c:\\12a09f6c5ea7051c380e08\mpengine.dll._p: Access is denied.

Failed to open \\?\c:\\12a09f6c5ea7051c380e08\MPSigStub.exe: Access is denied.

..Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0caad80adccff781fd36aaf26c5c925c_1115d190-6bcb-4d9d-aa8e-7c58694ed8c8: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin: Access is denied.

. ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.

...Failed to open \\?\c:\\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe: Access is denied.

... ... Failed to open \\?\c:\\RECYCLER\S-1-5-21-1078081533-1123561945-725345543-1003\Dc16\gmer.exe: Access is denied.

... .Failed to open \\?\c:\\WINDOWS\$NtUninstallKB21059$: Access is denied.

.. ... ... ... ..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop.ini: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
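
A parser for the Junction output format posted above, as an added example that is not part of the original thread and not code from Sysinternals or the helpers. It splits "Failed to open" entries by reason and collects reparse points with their targets; the sample log is constructed in the shape of the posted lines, and singling out access-denied executable images is a triage assumption of this example.

```python
import re
from collections import namedtuple

Failure = namedtuple("Failure", "path reason")
Reparse = namedtuple("Reparse", "path kind target")

# Constructed sample: lines in the shape of the Junction v1.06 output in the
# post above, including the progress dots that precede some entries.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\System Volume Information: Access is denied.

. ... ... Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.

...Failed to open \\?\c:\\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe: Access is denied.

.. ... ..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
"""

# search() is used instead of match() so leading progress dots are skipped.
_FAILED = re.compile(r"Failed to open (\\\\\?\\.+?): (.+?)\s*$")
_REPARSE = re.compile(r"(\\\\\?\\.+?): ([A-Z][A-Z ]+?)\s*$")
_TARGET = re.compile(r"^\s*Substitute Name\s*:\s*(.+?)\s*$")


def _clean(path):
    # Drop the \\?\ prefix and the doubled backslash after the drive letter.
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.replace(":\\\\", ":\\", 1)


def parse_junction_log(text):
    """Return (failures, reparse_points) parsed from `junction -s` output."""
    failures, reparse = [], []
    for line in text.splitlines():
        m = _FAILED.search(line)
        if m:
            failures.append(Failure(_clean(m.group(1)), m.group(2)))
            continue
        m = _REPARSE.search(line)
        if m:
            reparse.append(Reparse(_clean(m.group(1)), m.group(2), None))
            continue
        m = _TARGET.match(line)
        if m and reparse:
            # The target line belongs to the most recent reparse point.
            reparse[-1] = reparse[-1]._replace(target=m.group(1))
    return failures, reparse


def denied_binaries(failures):
    """Access-denied entries on executable images (assumed triage heuristic).

    Sharing violations such as pagefile.sys are excluded by the reason check.
    """
    return [f.path for f in failures
            if f.reason.lower().startswith("access is denied")
            and f.path.lower().endswith((".exe", ".dll", ".sys"))]


if __name__ == "__main__":
    fails, points = parse_junction_log(SAMPLE_LOG)
    for p in denied_binaries(fails):
        print("DENIED  ", p)
    for r in points:
        print("REPARSE ", r.kind, r.path, "->", r.target)
```
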

#14 etavares

Posted 09 October 2011 - 05:37 PM

Hello, Frankie777.


Step 1

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

c:\12a09f6c5ea7051c380e08\$shtdwn$.req
c:\12a09f6c5ea7051c380e08\mpasbase.vdm._p
c:\12a09f6c5ea7051c380e08\mpasdlta.vdm
c:\12a09f6c5ea7051c380e08\mpavbase.vdm._p
c:\12a09f6c5ea7051c380e08\mpavdlta.vdm
c:\12a09f6c5ea7051c380e08\mpengine.dll._p
c:\12a09f6c5ea7051c380e08\MPSigStub.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin
c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.



Step 2



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.


#15 Frankie777

Posted 10 October 2011 - 03:49 PM

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2383 [GMT -4:00]
Running from: c:\documents and settings\Frank\Desktop\etavaresCF.exe.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
. ComboFix 11-10-10.02 - Frank 10/10/2011 16:15:47.1.1 - x86

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Frank\Application Data\OpenCloud Security
c:\documents and settings\Frank\Application Data\PriceGong
c:\documents and settings\Frank\lame_enc_en.dll
c:\documents and settings\Frank\lametritonus_en.dll
c:\windows\$NtUninstallKB21059$
c:\windows\$NtUninstallKB21059$\1479462639
c:\windows\$NtUninstallKB21059$\4095891870\@
c:\windows\$NtUninstallKB21059$\4095891870\click.tlb
c:\windows\$NtUninstallKB21059$\4095891870\L\ojtwiagv
c:\windows\$NtUninstallKB21059$\4095891870\loader.tlb
c:\windows\$NtUninstallKB21059$\4095891870\U\@00000001
c:\windows\$NtUninstallKB21059$\4095891870\U\@000000c0
c:\windows\$NtUninstallKB21059$\4095891870\U\@000000cb
c:\windows\$NtUninstallKB21059$\4095891870\U\@000000cf
c:\windows\$NtUninstallKB21059$\4095891870\U\@80000000
c:\windows\$NtUninstallKB21059$\4095891870\U\@800000c0
c:\windows\$NtUninstallKB21059$\4095891870\U\@800000cb
c:\windows\$NtUninstallKB21059$\4095891870\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\2656641780
c:\windows\system32\
c:\windows\system32\c_28090.nls
c:\windows\system32\d3d9caps.dat
c:\windows\system32\intelw32.dll
.
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe . . . is infected!!
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B6858130-8C9E-448D-A807-9946A79F50ED}\RP753\A0362851.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B6858130-8C9E-448D-A807-9946A79F50ED}\RP753\A0362852.exe
.
Infected copy of c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B6858130-8C9E-448D-A807-9946A79F50ED}\RP753\A0362853.exe
.
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe . . . is infected!!
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_f422599e
-------\Legacy_intelpower
-------\Service_intelpower
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 19:21 . 2008-04-13 18:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-10-10 19:21 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-09 15:08 . 2010-09-07 19:39 150392 ----a-w- c:\windows\junction.exe
2011-10-08 05:17 . 2011-10-08 05:17 111744 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-09-29 16:11 . 2011-09-29 17:02 -------- d-----w- c:\documents and settings\SallyJane
2011-09-29 15:58 . 2011-09-29 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-29 15:58 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 13:49 . 2011-09-21 13:00 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-09-28 13:42 . 2011-09-28 13:42 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC5C8AAA-3980-4F00-A536-12BF0AB9DCB4}\offreg.dll
2011-09-28 13:42 . 2011-09-12 20:14 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC5C8AAA-3980-4F00-A536-12BF0AB9DCB4}\mpengine.dll
2011-09-28 13:34 . 2011-09-28 13:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-27 22:46 . 2011-09-27 22:46 -------- d-----w- c:\program files\RegInOut
2011-09-27 18:05 . 2011-09-29 16:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-27 16:43 . 2011-09-27 16:43 37376 ----a-w- c:\windows\system32\inetsw32.dll
2011-09-27 08:12 . 2011-09-27 09:23 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-09-26 20:49 . 2011-09-26 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-09-26 20:49 . 2011-09-26 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-13 17:51 . 2011-09-13 17:51 1409 ----a-w- c:\windows\system32\PGMUS.FOT
2011-09-13 17:51 . 2011-09-13 17:51 1409 ----a-w- c:\windows\system32\pgjazz__.FOT
2011-09-13 17:50 . 2000-01-04 10:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-09-13 17:50 . 2011-09-13 17:50 -------- d-----w- c:\program files\Coyote
2011-09-13 17:49 . 2011-09-13 17:49 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2011-09-13 17:47 . 2011-09-24 15:09 -------- d-----w- C:\bb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-02 14:57 . 2011-05-21 03:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-08 02:53 . 2011-05-06 16:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inetsw32]
2011-09-27 16:43 37376 ----a-w- c:\windows\system32\inetsw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\intelworks]
2011-09-27 16:43 37376 ----a-w- c:\windows\system32\inetsw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"LinksysUpdater"=2 (0x2)
"wlidsvc"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\GAMES\\Nightmare House 2\\hl2.exe"=
"c:\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\RegInOut\\RegInOut.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Microsoft Security Client\\msseces.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26900:UDP"= 26900:UDP:*:Disabled:eJamming AUDiiO 3.0
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S1 MpKslcfb14248;MpKslcfb14248;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{684CC72E-D745-4299-BAAC-F04FDA76A2DB}\MpKslcfb14248.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{684CC72E-D745-4299-BAAC-F04FDA76A2DB}\MpKslcfb14248.sys [?]
S1 MpKsld2c2e720;MpKsld2c2e720;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsld2c2e720.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsld2c2e720.sys [?]
S1 MpKsld356c52c;MpKsld356c52c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsld356c52c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsld356c52c.sys [?]
S1 MpKsld3e1bd2e;MpKsld3e1bd2e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A84E90A-8870-4768-B858-C8537037B55F}\MpKsld3e1bd2e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A84E90A-8870-4768-B858-C8537037B55F}\MpKsld3e1bd2e.sys [?]
S1 MpKsld3eb1840;MpKsld3eb1840;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKsld3eb1840.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKsld3eb1840.sys [?]
S1 MpKsldbc749c7;MpKsldbc749c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKsldbc749c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKsldbc749c7.sys [?]
S1 MpKsldc802da6;MpKsldc802da6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DD7E8EA-672E-4B29-8600-8BB938CA4465}\MpKsldc802da6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DD7E8EA-672E-4B29-8600-8BB938CA4465}\MpKsldc802da6.sys [?]
S1 MpKsldd14d827;MpKsldd14d827;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsldd14d827.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsldd14d827.sys [?]
S1 MpKsldd94d6fa;MpKsldd94d6fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DD7E8EA-672E-4B29-8600-8BB938CA4465}\MpKsldd94d6fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DD7E8EA-672E-4B29-8600-8BB938CA4465}\MpKsldd94d6fa.sys [?]
S1 MpKslddf98f2b;MpKslddf98f2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslddf98f2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslddf98f2b.sys [?]
S1 MpKsle39fd121;MpKsle39fd121;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsle39fd121.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsle39fd121.sys [?]
S1 MpKsle580e9a5;MpKsle580e9a5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B5C4655-40B0-40B3-A8F7-2C819144AC5C}\MpKsle580e9a5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B5C4655-40B0-40B3-A8F7-2C819144AC5C}\MpKsle580e9a5.sys [?]
S1 MpKsle980dd58;MpKsle980dd58;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsle980dd58.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKsle980dd58.sys [?]
S1 MpKsleaba1552;MpKsleaba1552;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKsleaba1552.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKsleaba1552.sys [?]
S1 MpKslec72cf03;MpKslec72cf03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811A46E1-FAD5-4CE9-931C-8895484CACDF}\MpKslec72cf03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811A46E1-FAD5-4CE9-931C-8895484CACDF}\MpKslec72cf03.sys [?]
S1 MpKslec919041;MpKslec919041;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DD7E8EA-672E-4B29-8600-8BB938CA4465}\MpKslec919041.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DD7E8EA-672E-4B29-8600-8BB938CA4465}\MpKslec919041.sys [?]
S1 MpKslee6f7537;MpKslee6f7537;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslee6f7537.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslee6f7537.sys [?]
S1 MpKslf2a720a1;MpKslf2a720a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslf2a720a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslf2a720a1.sys [?]
S1 MpKslf59e4904;MpKslf59e4904;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslf59e4904.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslf59e4904.sys [?]
S1 MpKslf7107254;MpKslf7107254;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9989B584-00CF-41C2-9F7B-A05EACAEA614}\MpKslf7107254.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9989B584-00CF-41C2-9F7B-A05EACAEA614}\MpKslf7107254.sys [?]
S1 MpKslf7857c00;MpKslf7857c00;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslf7857c00.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D312EADB-FFC1-41B0-81DC-68F2FC605609}\MpKslf7857c00.sys [?]
S1 MpKslf8f18a11;MpKslf8f18a11;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B5C4655-40B0-40B3-A8F7-2C819144AC5C}\MpKslf8f18a11.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B5C4655-40B0-40B3-A8F7-2C819144AC5C}\MpKslf8f18a11.sys [?]
S1 MpKslf9957ffb;MpKslf9957ffb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslf9957ffb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslf9957ffb.sys [?]
S1 MpKslfad09d22;MpKslfad09d22;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslfad09d22.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslfad09d22.sys [?]
S1 MpKslfd0e9b77;MpKslfd0e9b77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslfd0e9b77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslfd0e9b77.sys [?]
S1 MpKslfedff567;MpKslfedff567;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslfedff567.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5980422D-DEA0-45F8-8D08-02B1D91157C9}\MpKslfedff567.sys [?]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe --> c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [?]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys --> c:\windows\system32\DRIVERS\HDJMidi.sys [?]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [10/8/2011 1:17 AM 111744]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
inetsvcs REG_MULTI_SZ intelpower
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-10-10 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-09-04 c:\windows\Tasks\RegInOut Scheduled Scan - Frank.job
- c:\program files\RegInOut\RegInOut.exe [2011-07-14 17:42]
.
2011-08-04 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2010-11-02 18:09]
.
2011-09-28 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2010-11-02 18:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\98yg05py.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-10 16:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-1123561945-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:85,10,d7,47,4c,e3,84,05,60,7e,fd,45,de,b6,7c,47,4c,68,43,97,0a,
14,55,a1,1d,9a,a1,6d,bc,90,ef,0b,a0,6a,ac,28,89,8f,5d,47,e6,fd,e8,a1,35,5e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\inetsw32.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(776)
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\netdde.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\locator.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2011-10-10 16:42:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 20:42
.
Pre-Run: 129,455,779,840 bytes free
Post-Run: 129,643,036,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=1 Default=1 Failed=3 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 3DF1356B9221E316293DE92CA26E9FEA



